Check out these https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
This is a regular paragraph.
<script>alert('xss');</script>
This is another regular paragraph.
hello <a href="www.google.com">*you*</a>
hello <a name="n" href="javascript:alert('xss')">*you*</a>
[some text](javascript:alert('xss'))
> hello <a name="n"
> href="javascript:alert('xss')">*you*</a>